Security Centre

Virgin Money has a responsibility to ensure the security of your information while you are transacting on the internet. However, you have a responsibility to take certain precautions to safeguard yourself and your money. If, after reading the material below, you have any further queries, please contact our call centre on 0860 VMONEY (866 639) or e-mail us at services@virginmoney.co.za

1. About Security

Virgin Money is committed to making sure that your online experience is safe and secure. Virgin Money uses multiple levels of security, and state-of-the-art Internet technology, beginning with your browser and ending with our own security infrastructure to ensure that access to your accounts is private and secure.

1.1 Search Engines 

Virgin Money allows search engines to access or index material contained within the public site, namely, www.virginmoney.co.za. Search engines cannot access or index material contained in any password/PIN protected sections of this website, these sections include saved online application forms and Virgin Money online services. 

1.2 Online Applications

When you apply online for accounts or services, or enroll for Virgin Money online services, you provide personal information that is necessary for Virgin Money to process your application. All customer information Virgin Money collects is protected against unauthorised access. To ensure that your application remains confidential, Virgin Money uses Secure Socket Layer (SSL technology) for transferring data. This technology encrypts (scrambles) your account information, so it is virtually impossible for anyone other than Virgin Money to read it while being transmitted over the Internet. After submitting an application online, Virgin Money strongly recommends that you end or close your browser session before leaving your computer.

1.3 Firewalls

Our network is protected by multiple firewalls to ensure security and reliability, preventing unauthorised access into secure areas.
 
1.4 Virgin Money Online Security Measures

Current best practise encryption technology is built into our browsers.

Access Number, PIN and Password

You can only use the service if you have registered for it using your access account number – the number on your credit card remember - and your own PIN. A password will also need to be selected for enhanced security. Once you have logged on to the service using your access number and PIN you will be required to enter certain digits of the password. This is to ensure that not all your logon information is displayed, to help combat Identity fraud. We will also display the last time you successfully logged on to your service.
 
Keypad

To help combat identity fraud you can make use of the online Keypad provided on the logon screen to enter your access details.

Security Violation

You only have 3 opportunities to enter your PIN correctly. After the 3rd unsuccessful attempt, you will be denied access to the service. To reset your PIN, you will need to phone the contact centre. You can reset your password online if you originally chose this functionality upon setting up your password.

Timeout

If you log on and don't use the service for 4 minutes, you will be logged out.

To access your accounts again, you will need to LOGON again.

Advanced encryption software

Virgin Money uses the most advanced internationally accepted standards of encryption technology. At present this is 128-bit encryption built into the browsers. Therefore, it is always in your best interest to update your browser to the latest released version.  Please note: Virgin Money does not advise the use of Beta versions of browsers for access to Virgin Money online services, only the commercially released browser.

2. Fraud Squad

Should you need to report your Virgin Money card as lost or stolen, or need any further information, please contact the Virgin Money contact centre on 0860 VMONEY (866 639)

3 Security on Virgin Money Online

3.1 Are you on a secure Banking site?

Check to make sure that the URL begins with "https" rather than "http". The initial connection to www.virginmoney.co.za will redirect the connection to an available Internet Banking server. The logon page will be displayed. This page contains three frames. The outer two frames are not secure as they contain marketing and general information. The login frame, where the Account Number and PIN are entered is secured using SSL (Secure Sockets Layer) encryption technology. If you are not sure that you are on the correct site, use the security checking process as explained below.
 
3.2 Ensure that you are not at spoofed site

"Spoofing" is a practice that criminals undertake to lure you to their site, with the express purpose of defrauding Internet bankers and shoppers. A "spoofed" website looks like the real website, but with a few checks it is easy to establish whether you are at the correct site.  Follow the procedures set out below under "How to check the security of Internet Banking"

3.3 What is a "certificate"?

The certificate is a digital ID book that authenticates a website. A certificate itself is a small-encrypted file that contains certain information that has been verified to be true by VeriSign. This certificate can be verified by the built in capability of any Microsoft or Netscape browser to be a real VeriSign certificate. The digital certificate is thus a tamper proof repository of information that will verify the identity of the holder, be that a person or a web server.
 
3.4 Who or what is "VeriSign"?

VeriSign was founded in 1995 and is the world's foremost Certificate Authority providing public and enterprise trust services in order to secure electronic transactions of any kind. The role of a certificate authority is very similar to the role of the Dept of Home Affairs in issuing National ID books. The Certificate Authority ensures that the information in the certificate is verified and accurate before the certificate is issued. To deliver on this promise VeriSign has built up a massive secure infrastructure that is impenetrable to hacking or internal fraud. VeriSign has a footprint in over 35 countries worldwide and is represented in Africa by the South African Certification Agency.
 
3.5 Why does Virgin Money use "VeriSign"?

VeriSign has led in the Internet security space since its inception and has a world market share of more than 80%. This is because VeriSign implements rigorous authentication procedures matched with state of the art technology that has become the defacto standard in electronic identity and security.
 
3.6 Information for Internet Explorer Users

Microsoft announced critical security lapses in their Microsoft Office and Internet Explorer browser versions and we strongly recommend that you download the patch provided by Microsoft on their website or upgrade your browser version to Internet Explorer version 6 SP1.

To find out more about this and how to download the patch click here and follow the steps provided on the Microsoft site.
 
3.7 Upgrade to IEv.6 SP1

We recommend that you always keep your browser version updated to the current version, to ensure you are using the latest in security protection.

Important Notice: To ensure that your Virgin Money online services will work immediately after uploading Internet Explorer version 6 SP1, specific Privacy Settings must be updated. Click here and closely follow the steps outlined to change these settings after downloading Internet Explorer version 6 SP1.The latest version of Internet Explorer can be downloaded at http://www.microsoft.com/ie.

Select Internet Explorer version 6 Service Pack 1 under "Latest Downloads".

Follow the steps on how to download as listed on the Microsoft site. This is quite a large download and can take anything from 45 - 90 minutes depending on your connection and modem speed. After the download please "Restart" your computer

Please note: You will only be able to upgrade to Internet Explorer 6 SP1 if you have Windows 98 or a more recent version. Windows XP already has IEv.6 SP1 installed. To check your version of Windows:

Go to your desktop
Right click on "My Computer"
Select "Properties"
Under the "General tab" - "System" will give you the details of your Windows version
 
3.8 Privacy Settings
Please ensure that after restarting your PC you change these settings listed below prior to logging on to Virgin Money Online services.

Tip: For easy reference print out this page and follow the step-by-step instructions

1. Close and/or minimise all windows
2. Right click on the Internet Explorer icon Select "Properties"
3. Open "Privacy"
4. Click on the "Advanced" tab
   
   

1. Select "Override automatic cookie handling"
2. First and third Cookies handling can be placed on "Block"
3. Click "Always allow session cookies"
4. Click "OK"
   
   

1. Click on "Edit" at the bottom
2. Type in www.VirginMoney.co.za
3. Click on "allow" and then "OK"
4. Click on "Apply" Microsoft VM (Virtual Machine)
    

1. Open "Advance Tab"
2. Scroll down to "Microsoft VM"
3. Apply a tick in "Java" console enabled (requires restart)
4. JIT compiler for virtual machine enabled Security settings:
   
   

1. Scroll down to "Security"
2. Make sure "SSL 2.0" is selected
3. Make sure "SSL 3.0" is selected
4. Make sure "TLS 1.0" is selected 
   
   

1. Select "Do not encrypted pages to disk"
2. Deselect "Warn if changing between secure and non secure pages/mode"
3. Select "Check for server certificate revocation"
4. Click on "Apply" and "OK" Restart PC now

3.9 IE Browsers with cipher strength < 128 b

Some of Internet Explorer versions 5.5, 5, and version 4, make use of a low level bit-encryption. Users of these browsers will experience slower response times.

We recommend that you upgrade your browser to Internet Explorer version 6 Service pack 1 as detailed above or follow the instructions below to update your cipher strength of your browser. (This will be advisable to clients who have Windows 95 or earlier editions)

Ensure that you are online, select "Help" in your Internet Explorer Tool Bar. Then select "About Internet Explorer". An Internet Explorer information box will appear in the centre of your screen.

The following information is contained in the box:
The Internet Explorer version, which you currently use. Cipher strength should read: "Cipher Strength: 128-bit". If your cipher strength is NOT "128-bit", please click on "Update Information" to upgrade to 128-bit cipher strength. A new browser window will open wherein you will have to click on the indicated link. The browser window will reload with new content

Click on the link specific to your browser and Operating System on the right hand side of the page. Follow instructions by selecting to run the program from "current location".

Please restart your computer after the download has completed

3.10 How to check Virgin Money Online Security

When logging onto Your Virgin Money online service, it is essential to check that you have connected to a legitimate website. Follow the steps set out below for the various browsers.

Internet Explorer

Right click on the part of the page where you enter the account number and PIN and select Properties. The window will look similar to the picture below.

Ensure that the connection field contains: 128 bit encryption (High)
Ensure that the Address (URL) field identifies a specific Virgin Money server.

Click on the Certificates button and a window will be displayed.
Select the Certification Path tab on the top of the page
Check the top two entries to ensure they mention VeriSign Class 3

 

Netscape

Right click on the part of the page where you enter the account number and PIN and select View Frame Info. The window will look similar to the picture below. – is this the right certificate??

 
Ensure that the address (URL) in the top line identifies a specific Virgin Money server and is an https:// connection.
Ensure the security heading indicates that the connection is using 128 bit encryption

At the bottom check that the certificate was issued by: VeriSign Inc. and is a Class 3 certificate

4. Internet Banking Fraud

4.1 Phishing Fraud
This scam involves fraudulent e-mails, which is an effort to extract your PIN and Password from you via e-mail. These e-mail addresses often seem genuine, because of the sender address implying that it was sent from your financial institution, however, they are NOT and there are telltale signs that will alert you to that fact.

You can often recognise fraudulent e-mails, because they generally include attachments, request your PIN and Password, or both. They try to lure you into providing private information on the spot (e.g. by replying) or including links to a site that tries to get you to disclose your PIN and Password. When such e-mails are sent, supposedly from your bank, delete them immediately.

This type of fraud has recently been used against customers of some large European and American banks.

If you are in any doubt about the source of an e-mail claiming to come from us or of the validity of a website, contact the Virgin Money call centre on 0860 VMONEY (866 639) or e-mail us on services@virginmoney.co.za.

The most important thing to remember is not to interact with the sender of the e-mail, and under no circumstances enter your PIN or Password.

We think you should know the following about Phishing

How fraudsters gain access to banking customers' e-mail addresses 

Fraudsters generate a large volume of random combinations of people's names and Information Service Provider addresses (e.g. hotmail.com, mweb.co.za, etc) by trial and error to produce potential addresses for e-mailing.

How fraudsters know where individuals' bank

They usually don't. Fraudsters sending large volumes of e-mails to random e-mail addresses can, by chance, be successful in targeting a certain bank's members.

What will happen if you receive one of these e-mails and click on the link

If you have clicked on the link, a pop up window may appear asking you to enter your Internet banking sign-on or credit card information. This window usually appears in front of a look-alike website of the Bank. Please be aware that this is a fraudulent attempt to gain access to your sign-on information and the window should be ignored and closed immediately.

No bank will ever request your PIN or Password in an e-mail. If you are concerned your personal information may have been compromised in any way, please call the Virgin Money call centre on 0860 VMONEY (866 639) or e-mail us on services@virginmoney.co.za.

What you should do if you have clicked on the link and entered any banking specific details and you have reason to believe that your banking details have been compromised.

Change your sign-on details immediately (PIN and Password). This can be done securely online within our Internet banking service or at your Virgin Money branch.

As an added precaution, contact the Virgin Money call centre on 0860 VMONEY (866 639) or e-mail us on services@virginmoney.co.za. and let us know that you suspect that your personal banking details may have been fraudulently obtained. Remember under no circumstances should you provide your PIN or Password to anybody in any discussions or correspondence.

We suggest you monitor your accounts for unusual activity and report any suspicious activity to us immediately.

Lastly, we would like to remind you to keep your PIN and Password secret. We also encourage you to install and maintain up-to-date antivirus software because personal firewalls and up-to-date programs can reduce the likelihood of online fraud

5. Scams 

Beware, don’t be caught!

NB! We will never send you a letter or e-mail requesting you to complete your personal details by clicking on a webpage link in an e-mail other than our home address www.virginmoney.co.za

In view of recent media reports of fraudulent e-mails being sent to customers of one of South Africa’s major banks please take a moment to familiarize yourself with the latest online security tips thereby ensuring that you don’t fall victim to fraudsters.

This type of online fraud is know as “Phishing” and is most commonly done through fraudulent e-mails (in conjunction with a fake website), claiming to be from a bank or other institution and asking you to confirm your personal details. Fraudsters use various ways of enticing you  - click here to see an example of a typical phishing scam.
 

6. Security Tips

6.1 ATM Security

Never give your card or PIN (Personal Identification Number) to anyone, for any reason. Not even to Virgin Money. Also, don't write your PIN on the card or anything that is kept with the card.

Do not insert your card until asked to do so by the display screen. Never use an ATM with a blank screen and, if the ATM is obscured from view or poorly lit, leave immediately and find another ATM. Remember that you use an ATM at your risk.

So, it is always important to:

• Follow the on-screen instructions carefully
  
  
• Avoid drawing cash late at night or when you are alone
  
  
• Do not force your card into the card slot
  
  
• Leave the ATM immediately if you don't feel safe
  
  
• Set your daily ATM withdrawal limit at your branch
  
  
• Be alert and conscious of your surroundings when using an ATM.
  
  
• Stand close to the ATM and use your body and hands as a shield to make sure nobody sees you keying in your PIN. Also, make sure you keep your hand over the card slot to make sure nobody can swop or take your card.
  
  
• Never hurry when using an ATM. Make sure you are not distracted, intimidated or rushed into your transaction.
  
  
• Never accept help from strangers when using an ATM. You should be wary of strangers asking for help. Criminals work in teams - one to distract you while the other steals your card or money.
  
  
• If your card is retained (swallowed) by the ATM, it is a good idea to phone the stop card line at 0860 866639(VMONEY) and stop your card. This number must also be phoned immediately if your card is lost or stolen.
  
  
• Never allow a bystander to call the toll-free stop card line on your behalf - they could be tricking you into thinking your card has been stopped.
  
  
• Guards are placed at ATM's to discourage criminal activities and therefore cannot help you with transactions. If you need help, ask a bank official

6.2 Online Banking

Just as you take precautions when using an ATM, it is in your best interest to take precautions when using Virgin Money online services. Whether you are accessing the services from an internet café, a home or work PC, we suggest the following:

• It is important to ensure that you are at the Virgin Money website. To do this check the Virgin Money Security Certificate.
  
  
• Always ensure the secrecy of your PIN number
  
  
• Never save your password on your desktop - as it may allow others to access your personal information, without your permission.
  
  
• Do not make your passwords too personal - rather create passwords that have letters and numbers that cannot be attributed to you
  
  

• Never provide your Online ID or password/PIN to anyone, never write them down or share them, not even with a bank official
  
  
• Never provide your online ID or password/PIN to any site that you do not recognise and fully trust. Only provide your Online ID or password/PIN when your browser shows a Secure Socket Layer (SSL) connection directly to Virgin Money. Do not leave your computer unattended after you have entered your Virgin Money online services Password 
  
  
• Always log or sign off at the end of a session. For your Security you only have three attempts to enter your PIN/password correctly before you are denied access to our services. If this occurs you will need to go to the branch to reset these passwords/PINS
  
  
• Do not open email from unknown sources.
  
  
• Beware of emails that ask for passwords, PINS, credit and debit card information
  
  
• Avoid using your Virgin Money online services in public areas such as internet cafes as you never know what software is loaded that may compromise your transactions.
  
  
• Make sure no one has unauthorised access to your PC. Be especially aware that there are no security cameras trained on your PC and keyboard. Ensure you have the latest anti-virus software applications loaded on your PC and keyboard.
  
  
• Make sure the software on your PC is correctly licensed. Update your operating system and browser with the latest patches. Install a personal firewall on your PC if you use a dial-up modem.
  
  
• Only provide your credit card details to reputable companies. To ensure that you are using a secure shopping site, look for the lock and key and security certificates online
  
  
• (Never tell anyone your PIN number - this includes bank staff members. A bank staff member will never ask you for your PIN. When entering your PIN information make sure that you cover the keyboard with your hand - you never know who could be watching you. ?)
  
  
• Be especially vigilant of security cameras trained on your PC if at work or in an internet café. If you receive an e-mail and are unsure if it is from Virgin Money - rather log on to the Virgin Money site at www.virginmoney.co.za directly, by typing the address into your browser.
  
  
• Do not click on any link in an e-mail that seems suspicious to you. Take care when granting signing authority to third parties. Granting signing authority allows the third party to link your account to the Internet. Ensure that you followed the steps to protect yourself against identity fraud.

7. Virus Watch

7.1 Virus Protection for Internet Banking

Virgin Money's virus protection systems are comparable to the best in the world. Comprehensive security measures are in place to limit the threats of virus infestations at all levels including Internet Banking and Internet Access.

All incoming and outgoing e-mails that are sent to and from VirginMoney.co.za address are thoroughly scanned thereby minimizing the risk that e-mail sent to or received from a Virgin Money address will contain either the MyDoom or MyDoom.B e-mail virus. These precautions will further protect Virgin Money's online service thereby ensuring the security of your money.
 
7.2 What you need to be on the lookout for

The virus often appears as an error message from "Mail Administrators" and other official-looking addresses. Be careful not to simply open e-mails that entice or prompt you to open an attachment without giving a thorough explanation of what it is about and that you feel you can trust. By simply ignoring or deleting suspicious e-mails you will more often than not be able to avoid any damage.
 
7.3 Avoid being infected by computer viruses

Update your antivirus software at least once a day - once a week or every other day is simply not enough   Avoid opening suspicious e-mails - if an e-mail seems suspicious or you cannot confirm the source of an e-mail, rather delete it

Be especially cautious of e-mails containing .exe, .scr, .zip, .bat or .pif extensions - rather be save than sorry

 8. Archived Articles

8.1. Scams

Latest e-mail scam - card holders

Please note that a new email scam is currently being circulated to all card clients. It has been established that this email communication has not been authorised by Visa or any of its representatives. This email scam is one of the latest modus operandi used by criminals to obtain as much of your personal and confidential information as possible, which will then be used to commit Identity Fraud. Click here to see a typical example of what the email looks like. Please delete this message immediately, if received.

Virgin Money's Policy

Those incidents of Advance Fee Fraud or Nigerian 419 "scams" that come to the attention of Virgin Money, where the name of our bank or its employees are misrepresented are reported to the South African Police Service who have a specialized unit dealing with this type of crime.

8.2 Virus Watch

MyDoom and MyDoom.B e-mail viruses

These e-mail viruses are not particularly harmful to information residing on your home or business computer as they will not attack or damage information stored there. This does not, however, mean that these viruses should be taken lightly. These viruses are capable of seriously overloading computer networks thereby slowing down or temporarily stopping e-mail delivery. If this happens, you are likely to experience severe delays in the receipt and/or delivery of your e-mails. Additionally, these viruses often target and overload websites making them slow to navigation and sometimes causing them to crash. Once a website has crashed, it often takes hours and sometimes even days to fix and to get the site live again. 
 
How the MyDoom viruses get spread

An e-mail infected with a virus is sent to a random recipient. The e-mail normally includes an .exe, .scr, .zip, .bat or .pif extension which is used to entice the recipient to open the e-mail. As soon as the e-mail is opened, the virus is activated (the virus can be activated by simply opening the e-mail, it is not always necessary to open the attachment to activate the e-mail). Once activated, the virus starts sending itself to all the e-mail addresses stored on a recipient's computer. When the new recipients of the virus opens the e-mail, the process starts over again and soon the e-mail networks become overloaded and slow down or grind to a halt.
 
8.3 Risk of being infected by the viruses
 
Anybody that uses a computer linked to the Internet or that sends and receives e-mails could be at risk of being infected by these viruses